Hello,
[email protected] (Landry Breuil), 2026.05.15 (Fri) 10:00 (CEST):
> Le Wed, May 13, 2026 at 06:06:12PM +0200, Marcus MERIGHI a écrit :
> > our SOGo is at 5.12.7.
> > 5.12.8: Four major vulnerabilities have been reported and fixed
> > (You can find the entire release e-mail below.)
> > I've had a go on SOPE-5.12.8.tar.gz, a prerequisite.
> > It failed with:
> > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > if [ -r "STXSaxDriver-Info.plist" ]; then \
> > plmerge STXSaxDriver.sax/Resources/Info-gnustep.plist
> > STXSaxDriver-Info.plist; \
> > fi
> > Segmentation fault (core dumped)
> > gmake[4]: ***
> > [/usr/local/share/GNUstep/Makefiles/Instance/bundle.make:301:
> > STXSaxDriver.sax/Resources/Info-gnustep.plist] Error 139
> > [...]
> > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> thanks for the headsup, builds fine here without that strange plmerge
> segfault, but i know nothing to this objc thing... dont you have old
> .libs-* pkg installed ?
No, no such packages.
I thought it might have been because I built with FETCH_PACKAGES=-Dsnap,
but the the plmerge segfault happened without it, too.
I had another go after removing pobj/*, x11/gnustep/*,
packages/amd64/*/*, meta/gnustep and cvs updating afterwards, followed
by applying your patch. Still no success, same failure.
All on -current as of yesterday evening in europe/vienna timezone.
Therefore I could not runtime test your patch on my daily driver, let
alone my live SOGo server, that is on 7.8.
> diff attached for sogo/sope, with a PLIST update
thanks for picking it up, successfully.
What is it going to take to get this onto 7.9, once that is out?
The bugs sound serious to me:
"2 possible XSS injections with malicious mail: fixed.
1 possible SQL injection with specific request: fixed."
Thanks, Marcus
> ? sope/SOPE-5.12.4-libDOM.so.6.0
> ? sope/SOPE-5.12.4-libEOControl.so.6.0
> ? sope/SOPE-5.12.4-libGDLAccess.so.6.0
> ? sope/SOPE-5.12.4-libNGExtensions.so.6.0
> ? sope/SOPE-5.12.4-libNGLdap.so.6.0
> ? sope/SOPE-5.12.4-libNGMime.so.6.0
> ? sope/SOPE-5.12.4-libNGObjWeb.so.6.0
> ? sope/SOPE-5.12.4-libNGStreams.so.6.0
> ? sope/SOPE-5.12.4-libSBJson.so.6.0
> ? sope/SOPE-5.12.4-libSaxObjC.so.6.0
> ? sope/SOPE-5.12.4-libWEExtensions.so.6.0
> ? sope/SOPE-5.12.4-libWOExtensions.so.6.0
> ? sope/SOPE-5.12.4-libXmlRpc.so.6.0
> ? sope/SOPE-5.12.7-libDOM.so.6.0
> ? sope/SOPE-5.12.7-libEOControl.so.6.0
> ? sope/SOPE-5.12.7-libGDLAccess.so.6.0
> ? sope/SOPE-5.12.7-libNGExtensions.so.6.0
> ? sope/SOPE-5.12.7-libNGLdap.so.6.0
> ? sope/SOPE-5.12.7-libNGMime.so.6.0
> ? sope/SOPE-5.12.7-libNGObjWeb.so.6.0
> ? sope/SOPE-5.12.7-libNGStreams.so.6.0
> ? sope/SOPE-5.12.7-libSBJson.so.6.0
> ? sope/SOPE-5.12.7-libSaxObjC.so.6.0
> ? sope/SOPE-5.12.7-libWEExtensions.so.6.0
> ? sope/SOPE-5.12.7-libWOExtensions.so.6.0
> ? sope/SOPE-5.12.7-libXmlRpc.so.6.0
> ? sogo/sogo-3.2.9.diff
> ? sogo/sogo-5.12.4-libGDLContentStore.so.3.1
> ? sogo/sogo-5.12.4-libNGCards.so.3.1
> ? sogo/sogo-5.12.4-libSOGo.so.5.3
> ? sogo/sogo-5.12.4-libSOGoUI.so.2.2
> ? sogo/sogo-5.12.7-libGDLContentStore.so.3.1
> ? sogo/sogo-5.12.7-libNGCards.so.3.1
> ? sogo/sogo-5.12.7-libSOGo.so.5.3
> ? sogo/sogo-5.12.7-libSOGoUI.so.2.2
> ? sogo/patches/patch-Scripts_sql-update-3_2_10_to_4_0_0-mysql_sh
> ? sogo/patches/patch-Scripts_sql-update-3_2_10_to_4_0_0_sh
> Index: sope/Makefile
> ===================================================================
> RCS file: /cvs/ports/www/sope/Makefile,v
> diff -u -r1.106 Makefile
> --- sope/Makefile 6 May 2026 13:26:09 -0000 1.106
> +++ sope/Makefile 15 May 2026 07:57:13 -0000
> @@ -2,7 +2,7 @@
> COMMENT-mysql= SOPE MySQL adaptor
> COMMENT-postgres= SOPE PostgreSQL adaptor
>
> -VERSION = 5.12.7
> +VERSION = 5.12.8
> DISTNAME = SOPE-${VERSION}
> PKGNAME-main = sope-${VERSION}
> PKGNAME-mysql = sope-mysql-${VERSION}
> Index: sope/distinfo
> ===================================================================
> RCS file: /cvs/ports/www/sope/distinfo,v
> diff -u -r1.65 distinfo
> --- sope/distinfo 6 May 2026 13:26:09 -0000 1.65
> +++ sope/distinfo 15 May 2026 07:57:13 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (SOPE-5.12.7.tar.gz) = CyfQ15P7yEQmDwqwcCVejdBf5aRdLfFBx6CIgh+Pg/M=
> -SIZE (SOPE-5.12.7.tar.gz) = 2307155
> +SHA256 (SOPE-5.12.8.tar.gz) = CyfQ15P7yEQmDwqwcCVejdBf5aRdLfFBx6CIgh+Pg/M=
> +SIZE (SOPE-5.12.8.tar.gz) = 2307155
> Index: sogo/Makefile
> ===================================================================
> RCS file: /cvs/ports/www/sogo/Makefile,v
> diff -u -r1.118 Makefile
> --- sogo/Makefile 6 May 2026 13:26:09 -0000 1.118
> +++ sogo/Makefile 15 May 2026 07:57:14 -0000
> @@ -1,6 +1,6 @@
> COMMENT = web based groupware server
>
> -VERSION = 5.12.7
> +VERSION = 5.12.8
> DISTNAME = SOGo-${VERSION}
> PKGNAME = sogo-${VERSION}
>
> Index: sogo/distinfo
> ===================================================================
> RCS file: /cvs/ports/www/sogo/distinfo,v
> diff -u -r1.63 distinfo
> --- sogo/distinfo 6 May 2026 13:26:09 -0000 1.63
> +++ sogo/distinfo 15 May 2026 07:57:14 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (SOGo-5.12.7.tar.gz) = xcHvqOE7Ugkc9SfiptoUr/tT7EmgdxjUN7Xg1bxP2ws=
> -SIZE (SOGo-5.12.7.tar.gz) = 37847103
> +SHA256 (SOGo-5.12.8.tar.gz) = BfgbYEZR9y3pTIuwEsxeauoX+NMoEWFCP+5vCR3SoOk=
> +SIZE (SOGo-5.12.8.tar.gz) = 37848204
> Index: sogo/pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/www/sogo/pkg/PLIST,v
> diff -u -r1.62 PLIST
> --- sogo/pkg/PLIST 20 Mar 2026 10:48:28 -0000 1.62
> +++ sogo/pkg/PLIST 15 May 2026 07:57:14 -0000
> @@ -821,6 +821,8 @@
>
> lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/Galician.lproj/Localizable.strings
> lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/German.lproj/
>
> lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/German.lproj/Localizable.strings
> +lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/Greek.lproj/
> +lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/Greek.lproj/Localizable.strings
> lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/Hebrew.lproj/
>
> lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/Hebrew.lproj/Localizable.strings
> lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/Hungarian.lproj/
> @@ -919,6 +921,8 @@
>
> lib/GNUstep/SOGo/Appointments.SOGo/Resources/Galician.lproj/Localizable.strings
> lib/GNUstep/SOGo/Appointments.SOGo/Resources/German.lproj/
> lib/GNUstep/SOGo/Appointments.SOGo/Resources/German.lproj/Localizable.strings
> +lib/GNUstep/SOGo/Appointments.SOGo/Resources/Greek.lproj/
> +lib/GNUstep/SOGo/Appointments.SOGo/Resources/Greek.lproj/Localizable.strings
> lib/GNUstep/SOGo/Appointments.SOGo/Resources/Hebrew.lproj/
> lib/GNUstep/SOGo/Appointments.SOGo/Resources/Hebrew.lproj/Localizable.strings
> lib/GNUstep/SOGo/Appointments.SOGo/Resources/Hungarian.lproj/
> @@ -1022,6 +1026,8 @@
> lib/GNUstep/SOGo/CommonUI.SOGo/Resources/Galician.lproj/Localizable.strings
> lib/GNUstep/SOGo/CommonUI.SOGo/Resources/German.lproj/
> lib/GNUstep/SOGo/CommonUI.SOGo/Resources/German.lproj/Localizable.strings
> +lib/GNUstep/SOGo/CommonUI.SOGo/Resources/Greek.lproj/
> +lib/GNUstep/SOGo/CommonUI.SOGo/Resources/Greek.lproj/Localizable.strings
> lib/GNUstep/SOGo/CommonUI.SOGo/Resources/Hebrew.lproj/
> lib/GNUstep/SOGo/CommonUI.SOGo/Resources/Hebrew.lproj/Localizable.strings
> lib/GNUstep/SOGo/CommonUI.SOGo/Resources/Hungarian.lproj/
> @@ -1121,6 +1127,8 @@
> lib/GNUstep/SOGo/Contacts.SOGo/Resources/Galician.lproj/Localizable.strings
> lib/GNUstep/SOGo/Contacts.SOGo/Resources/German.lproj/
> lib/GNUstep/SOGo/Contacts.SOGo/Resources/German.lproj/Localizable.strings
> +lib/GNUstep/SOGo/Contacts.SOGo/Resources/Greek.lproj/
> +lib/GNUstep/SOGo/Contacts.SOGo/Resources/Greek.lproj/Localizable.strings
> lib/GNUstep/SOGo/Contacts.SOGo/Resources/Hebrew.lproj/
> lib/GNUstep/SOGo/Contacts.SOGo/Resources/Hebrew.lproj/Localizable.strings
> lib/GNUstep/SOGo/Contacts.SOGo/Resources/Hungarian.lproj/
> @@ -1219,6 +1227,8 @@
> lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/Galician.lproj/Localizable.strings
> lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/German.lproj/
> lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/German.lproj/Localizable.strings
> +lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/Greek.lproj/
> +lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/Greek.lproj/Localizable.strings
> lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/Hebrew.lproj/
> lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/Hebrew.lproj/Localizable.strings
> lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/Hungarian.lproj/
> @@ -1318,6 +1328,8 @@
>
> lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/Galician.lproj/Localizable.strings
> lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/German.lproj/
>
> lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/German.lproj/Localizable.strings
> +lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/Greek.lproj/
> +lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/Greek.lproj/Localizable.strings
> lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/Hebrew.lproj/
>
> lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/Hebrew.lproj/Localizable.strings
> lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/Hungarian.lproj/
> @@ -1416,6 +1428,8 @@
> lib/GNUstep/SOGo/Mailer.SOGo/Resources/Galician.lproj/Localizable.strings
> lib/GNUstep/SOGo/Mailer.SOGo/Resources/German.lproj/
> lib/GNUstep/SOGo/Mailer.SOGo/Resources/German.lproj/Localizable.strings
> +lib/GNUstep/SOGo/Mailer.SOGo/Resources/Greek.lproj/
> +lib/GNUstep/SOGo/Mailer.SOGo/Resources/Greek.lproj/Localizable.strings
> lib/GNUstep/SOGo/Mailer.SOGo/Resources/Hebrew.lproj/
> lib/GNUstep/SOGo/Mailer.SOGo/Resources/Hebrew.lproj/Localizable.strings
> lib/GNUstep/SOGo/Mailer.SOGo/Resources/Hungarian.lproj/
> @@ -1791,6 +1805,8 @@
> lib/GNUstep/SOGo/MailerUI.SOGo/Resources/Galician.lproj/Localizable.strings
> lib/GNUstep/SOGo/MailerUI.SOGo/Resources/German.lproj/
> lib/GNUstep/SOGo/MailerUI.SOGo/Resources/German.lproj/Localizable.strings
> +lib/GNUstep/SOGo/MailerUI.SOGo/Resources/Greek.lproj/
> +lib/GNUstep/SOGo/MailerUI.SOGo/Resources/Greek.lproj/Localizable.strings
> lib/GNUstep/SOGo/MailerUI.SOGo/Resources/Hebrew.lproj/
> lib/GNUstep/SOGo/MailerUI.SOGo/Resources/Hebrew.lproj/Localizable.strings
> lib/GNUstep/SOGo/MailerUI.SOGo/Resources/Hungarian.lproj/
> @@ -1907,6 +1923,9 @@
> lib/GNUstep/SOGo/MainUI.SOGo/Resources/German.lproj/
> lib/GNUstep/SOGo/MainUI.SOGo/Resources/German.lproj/Locale
> lib/GNUstep/SOGo/MainUI.SOGo/Resources/German.lproj/Localizable.strings
> +lib/GNUstep/SOGo/MainUI.SOGo/Resources/Greek.lproj/
> +lib/GNUstep/SOGo/MainUI.SOGo/Resources/Greek.lproj/Locale
> +lib/GNUstep/SOGo/MainUI.SOGo/Resources/Greek.lproj/Localizable.strings
> lib/GNUstep/SOGo/MainUI.SOGo/Resources/Hebrew.lproj/
> lib/GNUstep/SOGo/MainUI.SOGo/Resources/Hebrew.lproj/Locale
> lib/GNUstep/SOGo/MainUI.SOGo/Resources/Hebrew.lproj/Localizable.strings
> @@ -2048,6 +2067,8 @@
>
> lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/Galician.lproj/Localizable.strings
> lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/German.lproj/
>
> lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/German.lproj/Localizable.strings
> +lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/Greek.lproj/
> +lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/Greek.lproj/Localizable.strings
> lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/Hebrew.lproj/
>
> lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/Hebrew.lproj/Localizable.strings
> lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/Hungarian.lproj/
> @@ -2146,6 +2167,8 @@
>
> lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/Galician.lproj/Localizable.strings
> lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/German.lproj/
> lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/German.lproj/Localizable.strings
> +lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/Greek.lproj/
> +lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/Greek.lproj/Localizable.strings
> lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/Hebrew.lproj/
> lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/Hebrew.lproj/Localizable.strings
> lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/Hungarian.lproj/
> @@ -2318,6 +2341,9 @@
> lib/GNUstep/SOGo/Templates/SOGoACLGermanAdditionAdvisory.wox
> lib/GNUstep/SOGo/Templates/SOGoACLGermanModificationAdvisory.wox
> lib/GNUstep/SOGo/Templates/SOGoACLGermanRemovalAdvisory.wox
> +lib/GNUstep/SOGo/Templates/SOGoACLGreekAdditionAdvisory.wox
> +lib/GNUstep/SOGo/Templates/SOGoACLGreekModificationAdvisory.wox
> +lib/GNUstep/SOGo/Templates/SOGoACLGreekRemovalAdvisory.wox
> lib/GNUstep/SOGo/Templates/SOGoACLHebrewAdditionAdvisory.wox
> lib/GNUstep/SOGo/Templates/SOGoACLHebrewModificationAdvisory.wox
> lib/GNUstep/SOGo/Templates/SOGoACLHebrewRemovalAdvisory.wox
> @@ -2433,6 +2459,8 @@
> lib/GNUstep/SOGo/Templates/SOGoFolderGalicianRemovalAdvisory.wox
> lib/GNUstep/SOGo/Templates/SOGoFolderGermanAdditionAdvisory.wox
> lib/GNUstep/SOGo/Templates/SOGoFolderGermanRemovalAdvisory.wox
> +lib/GNUstep/SOGo/Templates/SOGoFolderGreekAdditionAdvisory.wox
> +lib/GNUstep/SOGo/Templates/SOGoFolderGreekRemovalAdvisory.wox
> lib/GNUstep/SOGo/Templates/SOGoFolderHebrewAdditionAdvisory.wox
> lib/GNUstep/SOGo/Templates/SOGoFolderHebrewRemovalAdvisory.wox
> lib/GNUstep/SOGo/Templates/SOGoFolderHungarianAdditionAdvisory.wox
